Add a docker-registry secret with Gitlab CI token and use it as pull secret.

We dry-run the kubectl create secret docker-registry and apply the produced YAML because the create secret command doesn't support replacing an existing secret.
Also the docker-email is supplied as the $GITLAB_USER_EMAIL, this shouldn't make a difference because it's only used during sign-ip (which should never happen).